Azure DevOps analysis allow self-signed certificate connection

• Using Azure DevOps plugin task SonarQubePrepare@5
• SonarQube 9.3.0.51899

During Azure DevOps build when setting up SonarQube MSBuild analysis with SonarQubePrepare@5 we are getting following errors:

##[error][SQ] API GET '/api/server/version' failed, error was: {"code":"DEPTH_ZERO_SELF_SIGNED_CERT"}

This one I solved by adding variable NODE_TLS_REJECT_UNAUTHORIZED: 0

And then on re-run another error:

##[error]16:51:17.163  Failed to request and parse 'https://xxx.com/api/server/version': The SSL connection could not be established, see inner exception.
16:51:17.163  Failed to request and parse 'https://xxx.com/api/server/version': The SSL connection could not be established, see inner exception.
##[error]Unhandled exception.
##[error]System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at SonarScanner.MSBuild.PreProcessor.WebClientDownloader.Download(Uri url, Boolean logPermissionDenied)
   at SonarScanner.MSBuild.PreProcessor.SonarWebService.<>c__DisplayClass18_0.<<DownloadServerVersion>b__0>d.MoveNext()

I am aware this is caused by self-signed certificate on the SonarQube instance, we have no plans to change that for now, I am looking for a way to make this work with self-signed cert. Build is running on Azure DevOps hosted agent so configuration options are limited.

Using a Microsoft Azure DevOps Hosted Agent and a self-signed certificate is… pretty brave. Using self-signed certificates for internet-facing services is typically a bad idea

If using self-signed certificates is a requirement, it might be better for you to manage your own build agent where you have full control over things like installing certificates that the system recognizes